A denial of service attack forced internet payments firm
WorldPay offline for three days last week, despite a desperate
battle by IT staff to keep systems up and
running.
More than 10,000 UK-based online retailers, including Sony and
Vodafone, were affected by the attack, which the Royal Bank of
Scotland-owned payments services firm described as "concerted and
co-ordinated".
Payment processing systems, e-mail and the corporate website were
all hit. E-mail communication was restored on Tuesday afternoon but
the payment processing systems - vital to the running of online
merchants' operations - were down until Thursday evening.
WorldPay has failover and disaster recovery technology in place and
uses multilayered security, but these measures were not enough
against the scale of the attack, said Simon Fletcher, head of UK
communications at WorldPay.
"It is not as if we lost a server - this was a co-ordinated
effort," he said. "The key for us is to try to get on and resolve
the issue and take lessons so it does not happen again. Although we
have been subject to a denial of service attack, the integrity and
security of our systems and data is in no way compromised."
The Federation of Small Businesses said the attack on WorldPay's
systems would undermine his members' confidence in
e-commerce.
"This is hugely damaging," said David Bishop, spokesman at the FSB.
"The majority of small businesses use third parties such as
WorldPay for payment processing. This attack is going to have an
immediate impact on the cashflow of online retailers and will
undermine small retailers' confidence in e-commerce."
WorldPay, which has 27,000 users globally, said there was no
apparent motive for the attack, which appeared to originate from
computers in Ukraine.
During the attack the bank set up a back-up process, supplying
customers with new addresses that would bypass the current system.
However, this required customers to modify their own systems to
make it effective.